@@ -113,40 +113,50 @@ jobs:
113113 if : steps.tag_exists.outputs.TAG_EXISTS == 'false'
114114
115115 - name : Prepare GPG key
116+ id : prepare_gpg
116117 run : |
117118 gpg --export > ~/.gnupg/pubring.gpg
118119 gpg --batch --pinentry-mode loopback --yes --passphrase '${{ secrets.GPG_PASSPHRASE }}' --export-secret-key > ~/.gnupg/secring.gpg
119120 echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --dearmor > $HOME/secring.gpg
121+ base64 -w 0 $HOME/secring.gpg > $HOME/secring.b64
122+ echo "secring=$(cat $HOME/secring.b64)" >> "$GITHUB_OUTPUT"
120123 echo "${{ secrets.GPG_PASSPHRASE }}" > $HOME/passphrase.txt
121124 echo "CR_KEYRING=$HOME/secring.gpg" >> "$GITHUB_ENV"
122125 echo "CR_PASSPHRASE_FILE=$HOME/passphrase.txt" >> "$GITHUB_ENV"
123126 if : steps.tag_exists.outputs.TAG_EXISTS == 'false'
124127
125128 - name : Publish Helm chart
126- uses : helm/chart-releaser-action@v1.7.0
129+ uses : bpsoraggi/helm-gh-pages@70c7ca46004e8432eb77cb3117a2474e2ec649be
127130 with :
131+ token : ${{ secrets.GHCR_TOKEN }}
128132 charts_dir : .
129- env :
130- CR_TOKEN : ${{ secrets.GITHUB_TOKEN }}
131- CR_KEY : ${{ steps.gpg.outputs.name }}
132- CR_SIGN : true
133+ charts_url : https://bpsoraggi.github.io/charts
134+ owner : bpsoraggi
135+ repository : charts
136+ branch : master
137+ target_dir : traefik
138+ index_dir : .
139+ commit_username : bpsoraggi
140+ commit_email : ${{ secrets.GH_EMAIL }}
141+ key : ${{ steps.gpg.outputs.name }}
142+ private_key : ${{ steps.prepare_gpg.outputs.secring }}
133143 if : steps.tag_exists.outputs.TAG_EXISTS == 'false'
134144
135- - name : Publish Helm chart to the ghcr.io registry
136- uses : appany/helm-oci-chart-releaser@v0.5.0
137- with :
138- name : traefik
139- repository : bpsoraggi/helm
140- tag : ${{ steps.chart_version.outputs.CHART_VERSION }}
141- path : ./traefik
142- registry : ghcr.io
143- registry_username : bpsoraggi
144- registry_password : ${{ secrets.GHCR_TOKEN }}
145- sign : true
146- signing_key : ${{ steps.gpg.outputs.name }}
147- signing_passphrase : ${{ secrets.GPG_PASSPHRASE }}
148- update_dependencies : ' true'
149- if : steps.tag_exists.outputs.TAG_EXISTS == 'false'
145+ # - name: Publish Helm chart to the ghcr.io registry
146+ # uses: appany/helm-oci-chart-releaser@v0.5.0
147+ # with:
148+ # name: traefik
149+ # repository: bpsoraggi/helm
150+ # tag: ${{ steps.chart_version.outputs.CHART_VERSION }}
151+ # path: ./traefik
152+ # registry: ghcr.io
153+ # registry_username: bpsoraggi
154+ # registry_password: ${{ secrets.GHCR_TOKEN }}
155+ # sign: true
156+ # signing_key: ${{ steps.gpg.outputs.name }}
157+ # signing_passphrase: ${{ secrets.GPG_PASSPHRASE }}
158+ # update_dependencies: 'true'
159+ # if: steps.tag_exists.outputs.TAG_EXISTS == 'false'
150160
151161 traefik-crds :
152162 runs-on : ubuntu-latest
@@ -259,27 +269,3 @@ jobs:
259269 registry_username : bpsoraggi
260270 registry_password : ${{ secrets.GHCR_TOKEN }}
261271 if : steps.tag_exists.outputs.TAG_EXISTS == 'false'
262-
263- sign-traefik-crds :
264- needs : [ traefik-crds ]
265- runs-on : ubuntu-latest
266- if : needs.traefik-crds.outputs.TAG_EXISTS == 'false'
267- permissions :
268- contents : read
269- # This is used to create the OIDC token for signing the Helm chart
270- id-token : write
271- steps :
272-
273- - name : Login to GitHub Container Registry
274- run : echo ${{ secrets.GHCR_TOKEN }} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin
275-
276- - name : Install Cosign
277- uses : sigstore/cosign-installer@v3.9.1
278-
279- - name : Sign Helm chart
280- run : |
281- cosign sign --yes \
282- -a version="${{ needs.traefik-crds.outputs.CHART_VERSION }}" \
283- -a commitSha="$GITHUB_SHA" \
284- -a buildDate="$(date +%F)" \
285- ghcr.io/bpsoraggi/helm/traefik-crds:${{ needs.traefik-crds.outputs.CHART_VERSION }}
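Review bot: The added lines in the `Prepare GPG key` step write the base64 of the dearmored private keyring to `$GITHUB_OUTPUT` as `secring`, and that encoded string is a different value from `secrets.GPG_PRIVATE_KEY`, so the runner's secret masking should not be expected to redact it if a later step or the action prints its inputs. Register it before it becomes an output, e.g. `echo "::add-mask::$(cat $HOME/secring.b64)"` on the line before the `secring=` write, and remove `$HOME/secring.b64` once it has been read. The value is then passed as `private_key`, together with `secrets.GHCR_TOKEN`, to `bpsoraggi/helm-gh-pages`; the full-SHA pin is good, but it is worth confirming at that commit that the action neither logs nor persists either input. `key: ${{ steps.gpg.outputs.name }}` refers to a step id `gpg` that is not visible in this hunk (the only id added here is `prepare_gpg`), so confirm that step exists, since an unknown step id would presumably expand to an empty key name. Because the second hunk removes the cosign job and the OCI publish step is only commented out, a line such as `# OCI publish and cosign signing disabled: <reason>` above the commented block would tell chart consumers that signature verification of the ghcr.io artifacts no longer applies.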